August 29, 2021

Migrate off of Authy’s proprietary system and extract your OTP Secrets


I figured I would do a quick write up on this as I just utilized this method to backup all of my OTP’s to another service.

Step 1.) Download Google Chrome (and enable developer mode)
             Doc on DevMode – [https://developer.chrome.com/docs/extensions/mv3/faq/#faq-dev-01](https://developer.chrome.com/docs/extensions/mv3/faq/#faq-dev-01)
Step 2.) Download Authy Extension [https://chrome.google.com/webstore/detail/authy/gaedmjdfmmahhbjefcbgaolhhanlaolb?hl=en](https://chrome.google.com/webstore/detail/authy/gaedmjdfmmahhbjefcbgaolhhanlaolb?hl=en)
             It will claim it is deprecated, but just continue as normal and validate your account with another device and authenticate with your master password to unlock all of your OTP’s.
Step 3.) Open chrome://extensions/?id=gaedmjdfmmahhbjefcbgaolhhanlaolb in chrome. There should be a backpage listed there, if the application is running then main.html will be displayed. If not, make sure to load the extension and have it running on your Desktop PC.
Step 4.) Click main.html and make sure it is in console mode.
Step 5.) C+P the following Code into the console:

appManager.getModel().forEach(function(i){
if(i.markedForDeletion === false){
console.log(‘otpauth://totp/’+i.name+’?secret=’+i.decryptedSeed+’&issuer=’+i.accountType);
}
});

Step 6.) Profit – you should get outputs similiar to the following: otpauth://totp/WebsiteHere – Description?secret=YOURSecretOTPCodeStringHere&issuer=VENDOR/SOURCE (MAY VARY)
Step 7.) Copy and paste your secret strings into bitwarden, lastpass, 1Password, or wherever you are migrating too. (your choice). – Or simply use this trick to backup your codes if you didn’t from the get go.

Enjoy. (if not allowed here, then delete – It is cybersecurity afterall.)

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.